When running an Apache web server, one of your most important tools for monitoring and troubleshooting is the access log. The Apache access log provides a granular record of every client request your web server handles, including the request method, path, HTTP status code, user agent, and more. In this article, I’ll show you how to dive into your Apache access logs using command-line tools—essential knowledge for any Linux server administrator.

Locating the Access Log

On most distributions, you’ll find Apache’s access log at one of the following locations:

• /var/log/apache2/access.log (Debian/Ubuntu)
• /var/log/httpd/access_log (CentOS/RHEL/Fedora)

You might also have separate logs for different virtual hosts or custom log locations defined in your configuration. Always check your Apache config for the CustomLog directive to be sure.

Tailing the Log in Real Time

To watch incoming traffic as it happens, use tail -f:

tail -f /var/log/apache2/access.log

This will print each incoming request as a new line in your terminal—very helpful for debugging or tracking down suspicious activity.

Filtering Logs for Insights

The real power comes when you combine Unix command-line tools to parse your access logs. Here are a few practical examples:

1. Find the Most Requested URLs

awk '{print $7}' /var/log/apache2/access.log | sort | uniq -c | sort -nr | head -20

This command prints the top 20 requested URLs, helping you see which pages are most popular or being targeted.

2. Count Requests from Each IP

awk '{print $1}' /var/log/apache2/access.log | sort | uniq -c | sort -nr | head -20

This is a quick way to spot potential crawlers, DDoS attacks, or just see your most active users.

3. Filter by Status Code

Want to see all 404 (Not Found) errors?

awk '$9==404 {print $0}' /var/log/apache2/access.log

Or just count them:

awk '$9==404 {count++} END {print count}' /var/log/apache2/access.log

4. See Requests in a Date Range

If you want logs from a specific day (e.g., July 13, 2025):

grep '13/Jul/2025' /var/log/apache2/access.log

Rotated and Compressed Logs

Apache rotates logs regularly, so you might find recent logs in compressed files like access.log.1.gz. To search inside them:

gzcat /var/log/apache2/access.log.1.gz | grep '404'

Use zcat on some systems if gzcat isn’t available.

Pro Tip: Make Log Analysis a Habit

Spend a few minutes each week (or automate it with scripts) to scan your Apache access logs. You’ll catch issues early—misbehaving bots, configuration errors, or routes no longer in use—and ensure your site stays in top shape.

Happy monitoring! If you have your own handy log analysis tricks, share them below.

— Lenny